Spammers using Bayesian Filtering

Discussion in 'NZ Computing' started by Evil Bastard, Aug 26, 2003.

  1. Evil Bastard

    Evil Bastard Guest

    In the latest wave of spam, I'm now seeing a lot of messages getting
    through the Bayesian filters.

    From which I can only conclude that the spammers have gotten wise, and are
    now vetting their messages with Bayesian filters before sending them.

    If this trend continues, then even the best-trained Bayesian filters will
    start getting false positive and false negative rates approaching 50%.

    As much as I hate to say it, it might soon be time to go to full
    challenge/response (C/R) email filtering (aka 'whitelist').

    Ah, but then the spammers will write code to parse the challenge and
    auto-respond.

    Then, the C/R systems will start sending images with letters/numbers on
    them, intended to be easily read by humans but hard for software to read.

    Then, the spammers will start using neural net code to read the graphics.

    Phew, is this ever gonna end?
     
    Evil Bastard, Aug 26, 2003
    #1
    1. Advertising

  2. Evil Bastard

    Evil Bastard Guest

    On Tue, 26 Aug 2003 18:43:58 +0000, Uncle StoatWarbler wrote:

    >> Then, the C/R systems will start sending images with letters/numbers on
    >> them, intended to be easily read by humans but hard for software to read.

    >
    > At which point all blind and non(your language) speakers may as well give
    > up and switc off their computers.


    Makes me wonder what the state of play is in textured monitors, whereby
    pixels are represented by raised pints on a surface that can be felt.

    >> Then, the spammers will start using neural net code to read the graphics.
    >>
    >> Phew, is this ever gonna end?

    >
    > What the world needs is a few more dead spammers. 2 was a start, but the
    > lesson has faded.


    Or something similarly heavy. For instance, anyone in Europe with
    wholesale contacts sending them small parcels with ecstasy pills, or
    kiddie porn magazines etc. Or, some h4x0r to root their boxen and surf
    some child pr0n sites/newsgroups.

    I can gleefully imagine a spammer in jail, being done over by cellmates,
    who say, "Get me some penis enlargement pills, bitch!"
     
    Evil Bastard, Aug 26, 2003
    #2
    1. Advertising

  3. Evil Bastard

    Peter KERR Guest

    In article <pan.2003.08.26.14.57.31.121131@127.0.0.1>,
    Evil Bastard <postmaster@127.0.0.1> wrote:
    > In the latest wave of spam, I'm now seeing a lot of messages getting
    > through the Bayesian filters.
    >
    > From which I can only conclude that the spammers have gotten wise, and are
    > now vetting their messages with Bayesian filters before sending them.
    >


    The kindly mail gnomes at our place have installed a new filter which
    parses all headers and content of everything coming in. Builds a score
    for each msg based on the number of "bad" points found, then at the
    threshold level tags the subject line with ***SPAM*** and adds a subject
    line with its scorecard. It all gets passed thru to the user 'cos some
    of our ppl need to get spam...

    Here's a couple of recent:

    X-Spam-Status: Yes, hits=6.9 tagged_above=1.0 required=6.3
    tests=DATE_IN_PAST_03_06, FORGED_MUA_EUDORA, FRONTPAGE, HOT_NASTY,
    HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_GREEN, HTML_MESSAGE,
    MIME_HTML_ONLY, MISSING_MIMEOLE, MISSING_OUTLOOK_NAME

    X-Spam-Status: Yes, hits=7.5 tagged_above=1.0 required=6.3
    tests=FORGED_MUA_OIMO, HTML_70_80, HTML_IMAGE_ONLY_06,
    HTML_IMAGE_RATIO_04,
    HTML_MESSAGE, MIME_HTML_ONLY, MISSING_MIMEOLE
     
    Peter KERR, Aug 27, 2003
    #3
  4. Evil Bastard

    T.N.O. Guest

    "Peter KERR" wrote
    > Builds a score
    > for each msg based on the number of "bad" points found, then at the
    > threshold level tags the subject line with ***SPAM*** and adds a subject
    > line with its scorecard. It all gets passed thru to the user 'cos some
    > of our ppl need to get spam...
    >
    > Here's a couple of recent:
    >
    > X-Spam-Status: Yes, hits=6.9 tagged_above=1.0 required=6.3
    > tests=DATE_IN_PAST_03_06, FORGED_MUA_EUDORA, FRONTPAGE, HOT_NASTY,
    > HTML_40_50, HTML_FONT_BIG, HTML_FONT_COLOR_GREEN, HTML_MESSAGE,
    > MIME_HTML_ONLY, MISSING_MIMEOLE, MISSING_OUTLOOK_NAME
    >
    > X-Spam-Status: Yes, hits=7.5 tagged_above=1.0 required=6.3
    > tests=FORGED_MUA_OIMO, HTML_70_80, HTML_IMAGE_ONLY_06,
    > HTML_IMAGE_RATIO_04,
    > HTML_MESSAGE, MIME_HTML_ONLY, MISSING_MIMEOLE


    Welcome to Spam Assissign, aint it great.
     
    T.N.O., Aug 27, 2003
    #4
  5. Evil Bastard

    Hugh Lilly Guest

    On Wed, 27 Aug 2003 11:23, Peter KERR <> wrote in nz.comp:

    > In article <pan.2003.08.26.14.57.31.121131@127.0.0.1>,
    > Evil Bastard <postmaster@127.0.0.1> wrote:
    >> In the latest wave of spam, I'm now seeing a lot of messages getting
    >> through the Bayesian filters.
    >>
    >> From which I can only conclude that the spammers have gotten wise, and
    >> are now vetting their messages with Bayesian filters before sending them.
    >>

    >
    > The kindly mail gnomes at our place have installed a new filter which
    > parses all headers and content of everything coming in. Builds a score
    > for each msg based on the number of "bad" points found, then at the
    > threshold level tags the subject line with ***SPAM*** and adds a subject
    > line with its scorecard.


    That would be SpamAssassin. http://www.spamassassin.org

    > It all gets passed thru to the user 'cos some
    > of our ppl need to get spam...


    It's easy enough to filter everything that has *****SPAM***** in the
    subject; even M$OE can do that...

    Cheers,

    Hugh.
    --
    (C) 2003 Hugh Lilly
    mail:
    blog: http://hugh.orcon.net.nz
    Registered Linux User # 295486, register @ http://counter.li.org
     
    Hugh Lilly, Aug 27, 2003
    #5
  6. Evil Bastard

    Who is this Guest

    In article <pWZ2b.14187$>,
    Wilf Laurier <> wrote:

    > Evil Bastard allegedly said:
    >
    > > As much as I hate to say it, it might soon be time to go to full
    > > challenge/response (C/R) email filtering (aka 'whitelist').

    >
    > Nope. The *best* way is to completely block the sending IP addresses at the
    > server.
    >
    > A very blunt filter.....but I can guarantee you never get spam from the same
    > IP address twice.
    >
    > :)
    >
    >


    Yes but unfortunately with IPv6 just around the corner there are
    suddenly millions of IP addresses that can be forged and used.
     
    Who is this, Aug 27, 2003
    #6
  7. Evil Bastard

    Robyn Nunn Guest

    On Wed, 27 Aug 2003 18:39:46 +1000, Jay <> wrote:

    >I haven't received any spam or over a year.
    >Maybe you are giving your email address to the wrong people.


    The problem is, once the spammers have your email address - how do you
    fix the problem without changing your email?

    I've started replying to the removal notices despite what is the
    common consensus not to. I get so much spam, what do I have to lose?
     
    Robyn Nunn, Aug 27, 2003
    #7
  8. Evil Bastard

    Peter Murray Guest

    "Gib Bogle" <> wrote in message
    news:bih7p9$5rr$...
    > Evil Bastard wrote:
    >
    > > Phew, is this ever gonna end?

    >
    > Probably it'll end only when there is a charge for email.
    >

    Or when spammers realise that their method of marketing does not work.
    Surely nobody buys stuff from spammers do they?
     
    Peter Murray, Aug 27, 2003
    #8
  9. On Wed, 27 Aug 2003 21:22:43 +1200, Evil Bastard wrote:

    >
    > If the spammer is sending through an ISP, then you'll be blocking all
    > emails from that ISP, including possible legitimate messages from other
    > users.


    When that happens, the screams from the other users are usually the only
    thing which will encourage the ISP to actually do somehting about the
    spammer.


    --
    There are 2 sorts of email opt-in lists:
    1: Those which can demonstrate the provenance of every subscription request.
    2: Fraud
     
    Uncle StoatWarbler, Aug 27, 2003
    #9
  10. Evil Bastard <postmaster@127.0.0.1> wrote:
    "Then, the C/R systems will start sending images with letters/numbers
    on
    them, intended to be easily read by humans but hard for software to
    read.

    Then, the spammers will start using neural net code to read the
    graphics."


    Both of these have already happened, at least for authenticating
    humans for obtaining system accounts (as on SlashDot and Yahoo). See,
    for instance:

    http://www.cedar.buffalo.edu/DIAR03/baird.ppt

    -Will Dwinnell
    http://will.dwinnell.com
     
    Will Dwinnell, Aug 28, 2003
    #10
  11. Evil Bastard

    Evil Bastard Guest

    On Wed, 27 Aug 2003 18:04:41 -0700, Will Dwinnell wrote:

    > Both of these have already happened, at least for authenticating
    > humans for obtaining system accounts (as on SlashDot and Yahoo). See,
    > for instance:
    >
    > http://www.cedar.buffalo.edu/DIAR03/baird.ppt


    What a fascinating study. Thanks for that! :)
     
    Evil Bastard, Aug 28, 2003
    #11
  12. Evil Bastard

    Jay Guest

    Robyn Nunn wrote:

    > On Wed, 27 Aug 2003 18:39:46 +1000, Jay <> wrote:
    >
    >>I haven't received any spam or over a year.
    >>Maybe you are giving your email address to the wrong people.

    >
    > The problem is, once the spammers have your email address - how do you
    > fix the problem without changing your email?


    You change you email. And next time you are more careful.

    >
    > I've started replying to the removal notices despite what is the
    > common consensus not to. I get so much spam, what do I have to lose?


    Change your email. Unless you enjoy bashing your head against a brick
    wall.
     
    Jay, Aug 28, 2003
    #12
  13. Evil Bastard

    R-Slicks Guest

    On Wed, 27 Aug 2003 21:14:05 +1200, Who is this <> wrote:

    >Yes but unfortunately with IPv6 just around the corner there are
    >suddenly millions of IP addresses that can be forged and used.


    I very much doubt IPv6 will be with us any time soon. It first
    conceived some 7-8 years ago (or something like that). Changing the
    world to a new addressing scheme simply isn't going to happen for a
    looong time.

    --
    DO NOT reply to - it is simply a spam catch.
    You can, if you wish, try "news .at. preou .dot. com"
     
    R-Slicks, Aug 29, 2003
    #13
  14. Evil Bastard

    R-Slicks Guest

    On Thu, 28 Aug 2003 12:37:54 +1200, Evil Bastard
    <postmaster@127.0.0.1> wrote:


    >Sorry, but there is a steady revenue from spam.
    >
    >There are actually people who do buy things purely from spam.


    Who on earth are these people !! :)
    I don't know of anyone that has, or anyone that knows anyone that has.
    WHO ARE THEY ?????!!!!
    <mind boggles>
    :)


    --
    DO NOT reply to - it is simply a spam catch.
    You can, if you wish, try "news .at. preou .dot. com"
     
    R-Slicks, Aug 29, 2003
    #14
  15. Evil Bastard

    Peter Murray Guest

    "R-Slicks" <> wrote in message
    news:...
    > On Thu, 28 Aug 2003 12:37:54 +1200, Evil Bastard
    > <postmaster@127.0.0.1> wrote:
    >
    >
    > >Sorry, but there is a steady revenue from spam.
    > >
    > >There are actually people who do buy things purely from spam.

    >
    > Who on earth are these people !! :)
    > I don't know of anyone that has, or anyone that knows anyone that has.
    > WHO ARE THEY ?????!!!!
    > <mind boggles>
    > :)
    >

    Could someone please tell the spammers who these people are, then they could
    leave the rest of us alone.

    --
    Peter Murray
    open i
    http://www.blenheim.co.nz/open_i
     
    Peter Murray, Aug 29, 2003
    #15
  16. Evil Bastard

    Jay Guest

    T.N.O. wrote:

    > "Jay" wrote
    >> > The problem is, once the spammers have your email address - how do you
    >> > fix the problem without changing your email?

    >>
    >> You change you email. And next time you are more careful.

    >
    > I had heard that Aussies were thick, but for fucks sake, it is the line
    > above your reply...
    > "without changing your email?"


    The best way to get rid of spam without changing your email address
    is to change your email address.

    What is the point of asking a question like:

    "I am getting a lump on my head from banging my head against the wall.
    How can I stop my lump from swelling without stopping from banging
    my head against the wall?"
     
    Jay, Aug 29, 2003
    #16
  17. Evil Bastard

    T.N.O. Guest

    "Jay" wrote
    > The best way to get rid of spam without changing your email address
    > is to change your email address.


    riiiggghhttt...

    > What is the point of asking a question like:
    >
    > "I am getting a lump on my head from banging my head against the wall.
    > How can I stop my lump from swelling without stopping from banging
    > my head against the wall?"


    Take a knife, and slice through the lump... the swelling will not occur.
     
    T.N.O., Sep 1, 2003
    #17
  18. Evil Bastard

    T.N.O. Guest

    "Jay" wrote
    > I have also heard that NZers are incredibly racist and xenophobic.


    Good for you.

    > They are commonly heard saying things like "... I had heard that
    > Aussies were thick ...".


    you know I read it on the internet, so it must be true.

    > The fact is that Aussies are smarter than NZers because:
    > a) they have more money


    Money does not equal intelligence, there are a hell of a lot of dumb arsed
    rich people, world wide.

    > b) they win at more things more often


    That doesnt make them smarter either... just better at doing stuff.

    > c) more people chose to live in Australia than NZ


    more people choose to live in the USA than Australia, surely your not going
    to say that they are smarter than you.

    > d) Aussies don't live in NZ


    Thats an immigration policy set by our govt.

    > e) etc


    uh huh
     
    T.N.O., Sep 1, 2003
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gary G. Taylor

    Spammers and Spanners.

    Gary G. Taylor, Jun 28, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    557
    Slumpy
    Jun 28, 2003
  2. Magic347
    Replies:
    27
    Views:
    1,296
    Wm James
    Jul 3, 2003
  3. Robert
    Replies:
    0
    Views:
    379
    Robert
    Mar 7, 2007
  4. Replies:
    0
    Views:
    516
  5. will
    Replies:
    4
    Views:
    1,014
    Julian Visch
    Jan 25, 2004
Loading...

Share This Page